testing on lebubu

caddy/Caddyfile

@@ -0,0 +1,36 @@
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# https://caddyserver.com/docs/caddyfile
+
+
+# The configuration below serves a welcome page over HTTP on port 80.  To use
+# your own domain name with automatic HTTPS, ensure your A/AAAA DNS record is
+# pointing to this machine's public IP, then replace `http://` with your domain
+# name.  Refer to the documentation for full instructions on the address
+# specification.
+#
+# https://caddyserver.com/docs/caddyfile/concepts#addresses
+http:// {
+
+    # Set this path to your site's directory.
+    root * /usr/share/caddy
+
+    # Enable the static file server.
+    file_server
+
+    # Another common task is to set up a reverse proxy:
+    # reverse_proxy localhost:8080
+
+    # Or serve a PHP site through php-fpm:
+    # php_fastcgi localhost:9000
+
+    # Refer to the directive documentation for more options.
+    # https://caddyserver.com/docs/caddyfile/directives
+
+}
+
+
+# As an alternative to editing the above site block, you can add your own site
+# block files in the Caddyfile.d directory, and they will be included as long
+# as they use the .caddyfile extension.
+import Caddyfile.d/*.caddyfile

caddy/Caddyfile.d/10-nextcloud.caddyfile

@@ -0,0 +1,20 @@
+cloud.lebubu.org cloud.rotehaare.art {
+	redir /.well-known/carddav /remote.php/dav/ 301
+	redir /.well-known/caldav /remote.php/dav/ 301
+	reverse_proxy 10.77.0.2:8081 {
+		header_up Host {upstream_hostport}
+		header_up X-Real-IP {remote_host}
+		header_up X-Forwarded-For {remote_host}
+		header_up X-Forwarded-Proto {scheme}
+	}
+
+	header {
+		X-Frame-Options "SAMEORIGIN"
+		X-Content-Type-Options "nosniff"
+		X-Permitted-Cross-Domain-Policies "none"
+		X-XSS-Protection "1; mode=block"
+		Referrer-Policy "no-referrer-when-downgrade"
+		Strict-Transport-Security "max-age=15552000; includeSubDomains"
+		-Server
+	}
+}

caddy/Caddyfile.d/15-private.caddyfile

@@ -0,0 +1,18 @@
+(secure_mtls) {
+	tls {
+		client_auth {
+			mode require_and_verify
+			trusted_ca_cert_file /etc/caddy/client_ca.pem
+		}
+	}
+}
+
+home.lebubu.org, indexer.lebubu.org, xxx.lebubu.org {
+	import secure_mtls
+
+	@home host home.lebubu.org
+	@indexer host indexer.lebubu.org
+
+	reverse_proxy @home 10.77.0.2:8082
+	reverse_proxy @indexer 10.77.0.2:9696
+}

caddy/Caddyfile.d/15-private.caddyfile__

@@ -0,0 +1,29 @@
+(oauth2_common) {
+	@oauth2path path /oauth2/*
+	handle @oauth2path {
+		reverse_proxy 10.77.0.2:4180
+	}
+
+	handle {
+		forward_auth 10.77.0.2:4180 {
+			uri /oauth2/auth
+			copy_headers X-Auth-Request-User X-Auth-Request-Email
+		}
+	}
+}
+
+auth-proxy.lebubu.org {
+	reverse_proxy 10.77.0.2:4180
+}
+
+home.lebubu.org, indexer.lebubu.org, xxx.lebubu.org {
+	import oauth2_common
+	@home host home.lebubu.org
+	@indexer host indexer.lebubu.org
+	@xxx host xxx.lebubu.org
+	handle {
+		reverse_proxy @home 10.77.0.2:8082
+		reverse_proxy @indexer 10.77.0.2:9696
+		reverse_proxy @xxx 10.77.0.2:9999
+	}
+}

caddy/Caddyfile.d/20-servers.caddyfile

@@ -0,0 +1,79 @@
+analytics.lebubu.org {
+	reverse_proxy 10.77.0.2:8439
+}
+
+cache.lebubu.org {
+	reverse_proxy 10.77.0.2:2343
+}
+
+audiobooks.lebubu.org {
+	reverse_proxy 10.77.0.2:5687
+}
+
+mealie.lebubu.org {
+	reverse_proxy 10.77.0.2:9925
+}
+
+git.lebubu.org {
+	reverse_proxy 10.77.0.2:9083
+}
+
+subs.lebubu.org {
+	reverse_proxy 10.77.0.2:6767
+}
+
+collabora.lebubu.org {
+	reverse_proxy 10.77.0.2:9980
+}
+
+library.lebubu.org {
+	reverse_proxy 10.77.0.2:5000
+}
+
+music.lebubu.org {
+	reverse_proxy 10.77.0.2:8686
+}
+
+maloja.lebubu.org {
+	reverse_proxy 10.77.0.2:42010
+}
+
+copy.lebubu.org {
+	reverse_proxy 10.77.0.2:8086
+}
+
+scrobble.lebubu.org {
+	reverse_proxy 10.77.0.2:9078
+}
+
+plex.lebubu.org plex.rotehaare.art {
+	reverse_proxy 10.77.0.2:32400
+}
+
+movies.lebubu.org {
+	reverse_proxy 10.77.0.2:7878
+}
+
+laters.lebubu.org {
+	reverse_proxy 10.77.0.2:9546
+}
+
+links.lebubu.org {
+	reverse_proxy 10.77.0.2:3000
+}
+
+tracker.lebubu.org {
+	reverse_proxy 10.77.0.2:8765
+}
+
+series.lebubu.org {
+	reverse_proxy 10.77.0.2:8989
+}
+
+vault.lebubu.org {
+	reverse_proxy 10.77.0.2:8222
+}
+
+bajameesta.lebubu.org {
+	reverse_proxy 10.77.0.2:8881
+}

caddy/Caddyfile.d/25-static.caddyfile

@@ -0,0 +1,98 @@
+(hugo_common) {
+	encode zstd gzip
+
+	header {
+		X-Frame-Options "SAMEORIGIN"
+		X-Content-Type-Options "nosniff"
+		X-XSS-Protection "1; mode=block"
+		Referrer-Policy "strict-origin-when-cross-origin"
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+	}
+
+	@static {
+		path *.jpg *.jpeg *.png *.gif *.ico *.css *.js *.svg *.woff *.woff2 *.ttf *.xml
+	}
+
+	handle @static {
+		file_server
+		header {
+			Cache-Control "public, max-age=31536000, immutable"
+		}
+	}
+	@html {
+		path *.html
+	}
+	handle @html {
+		file_server
+		try_files {path} {path}/ /index.html
+	}
+
+	handle {
+		file_server
+		try_files {path} {path}/ /index.html
+	}
+
+	@hidden {
+		path_regexp ^.*/\..*$
+	}
+	respond @hidden 404
+
+	handle /js/script.js {
+		rewrite * /js/script.file-downloads.hash.outbound-links.js
+		reverse_proxy https://analytics.lebubu.org {
+			header_up Host analytics.lebubu.org
+		}
+	}
+
+	handle /api/event {
+		reverse_proxy https://analytics.lebubu.org {
+			header_up Host analytics.lebubu.org
+		}
+	}
+}
+
+www.danilo-reyes.com {
+	redir https://danilo-reyes.com{uri}
+}
+
+www.blog.danilo-reyes.com {
+	redir https://blog.danilo-reyes.com{uri}
+}
+
+danilo-reyes.com {
+	root * /var/www/html/portfolio
+	import hugo_common
+}
+
+blog.danilo-reyes.com {
+	route {
+		handle_path /isso* {
+			reverse_proxy 10.77.0.2:8180
+		}
+		root * /var/www/html/blog
+		import hugo_common
+	}
+}
+
+mb-report.lebubu.org {
+	root * /var/www/html/lidarr-mb-gap
+	file_server
+	encode gzip zstd
+
+	try_files {path} /missing_albums.html
+
+	@html {
+		path *.html
+	}
+	header @html Content-Type "text/html; charset=utf-8"
+
+	@json {
+		path *.json
+	}
+	header @json Content-Type "application/json"
+
+	header {
+		X-Content-Type-Options "nosniff"
+		X-Frame-Options "SAMEORIGIN"
+	}
+}

caddy/Caddyfile.d/40-jellyfin.caddyfile

@@ -0,0 +1,13 @@
+flix.lebubu.org {
+	reverse_proxy 10.77.0.2:8096 {
+		header_up Host {host}
+		header_up X-Real-IP {remote_host}
+		header_up X-Forwarded-For {remote_host}
+		header_up X-Forwarded-Proto {scheme}
+		header_up X-Forwarded-Host {host}
+
+		# WebSocket support (automatic in Caddy, but explicit is fine)
+		header_up Connection {>Connection}
+		header_up Upgrade {>Upgrade}
+	}
+}

caddy/Caddyfile.d/5-keycloak.caddyfile

@@ -0,0 +1,9 @@
+auth.lebubu.org {
+	tls internal
+	reverse_proxy 10.77.0.2:8090 {
+		header_up X-Forwarded-Proto https
+		header_up X-Forwarded-For {remote_host}
+		header_up X-Forwarded-Host {host}
+		header_up Host {host}
+	}
+}

caddy/Caddyfile.d/75-qbittorrent.caddyfile

@@ -0,0 +1,4 @@
+torrent.lebubu.org {
+  reverse_proxy 127.0.0.1:9345
+}
+

caddy/client_ca.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFmzCCA4OgAwIBAgIUPBgrOAnSgT+y9+zaFaCuVkwi/M4wDQYJKoZIhvcNAQEL
+BQAwXTELMAkGA1UEBhMCTVgxEjAQBgNVBAgMCVNvbWVTdGF0ZTERMA8GA1UEBwwI
+U29tZUNpdHkxEDAOBgNVBAoMB0phd1pEZXYxFTATBgNVBAMMDEphd1ogUm9vdCBD
+QTAeFw0yNTA3MTYxOTMxMTBaFw0zNTA3MTQxOTMxMTBaMF0xCzAJBgNVBAYTAk1Y
+MRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRAwDgYDVQQK
+DAdKYXdaRGV2MRUwEwYDVQQDDAxKYXdaIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDwcWfnMDBzdukPZUa0pbY3tHG2ONEZMDUsxo5T5veq
+KrMfsu7U9tE8AY+AVl0Qz9hpBHN+GmktXQlimPkm4tSVKJMjk0iWYgZn8tTMB+AL
+i3gl/bt7qP+59U7gQbojkp6B0xCMCynPlsgcMiIcZWFmNVrG6ehh4B+wuG52gWVw
+TrwhDjHhxsrc66DkgC/59Pm60JqHlBhuhv9HB/q9JM3HLQ63XUwhvTVJ29tSiJZl
+WpKFr5s8nfE2FIXIHzi+o+Lo3n9wvdCzNfaRUStLWbROzF97jY4VIxIDk/loQH4T
+6oXBGlRe8M+G1XL/waRDySxL26jRVG8bUEv4mh/Hd9Rs0JcUOl6lFiGndJMjMyom
+ZgAlhi2Id2AzkT28utdYQqKUuaTy1SwLkrcOu9k2/dw7Uf7aK5WCraOth5ys+lw+
+mzga4gNGc3Am9soFHjI56Qxvhf+Aa5tlASwpzrjsc7PJEZJXorE40uZsB/q1PafP
+AIqVsSoT+Q6h6bld0EuQ5W4i1LTipZEPUaF673tGCXuI40AeTI44SFKcGm9XG1ic
+I25OxuIKyl5sCANkryOHjNKY4SkzXKSpML3PYbfSKK7xDpeFofIYKnRfJm4qmBNd
+lKT+ti4Hnvr8NZDRWyxC5SIDF1fdkslNu/HoAoL8JdXPYnitlTL7A5mF5PVPHom7
+XwIDAQABo1MwUTAdBgNVHQ4EFgQUhquhsVpNS4shC+7DMxOK4/wYYEswHwYDVR0j
+BBgwFoAUhquhsVpNS4shC+7DMxOK4/wYYEswDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAU8nSV6DqCZSDxWpa8JSBmZFnO2oZIRF9Nw/1QcpMOGUR
+pnWyQ03QtEgXYMwvxN/FOcGvYwg0LyYy07rzlpe5n2wRBaTrPCZ928f5j0nhADjC
+GYutxhbO4WYvBKUY88qYCrJRa1Aw1B/CsGCmH5f+aND6fyxZ6Lx9CQ8O43f+QCOE
+ltkbHRvjxYyVpDkgccDwetMDURKKrzkibUskeCPt0TjZbLKUq/cDspdAjSJgIJrz
+a50JbniKUG5Qcav3P2aA6NluOKFJfYh+146uafC6WofUtx2Vv5lViYMlIDnqN4L0
+xUzN5hB1kwF+4v1PO9/olafKqmgZ8FD/ipMYq2aYX4u9RJHLD6hMPUJpgKPRhGfi
+ul9rYv6rC+pQNIn4s287sAPru5IgIzPBBCbqXSkoue7V/mpqRuZZRX84V6CzlYDc
+0knoG2TL6aEWO+vj1mROgOuagyqyb3NZvgySE7GieW4tdvZhdYJJxdXh/tBQCg9E
+iVcQH0rNJ+0jsybFWPqdOIZ6sH78SvY+J4KhqZ3Il/WCxCTs/Ccb/RMkhRm+bfSX
+1FxoKF20b3RJ6g9N1oOj+12oK8jwMpUbaG/oAZh0TgZf1FUKic2f6jhMZLus8fGe
+nyHza9mHbN1M8d9hX7U3gkepY8RVhSNL5erNp1zsBtZ4UNmouGm53wgjYZPYkrc=
+-----END CERTIFICATE-----
+

hosts/vps/toggles.nix

@@ -9,7 +9,6 @@ let
   mkEnabledProxyIp = inputs.self.lib.mkEnabledProxyIp wgServerIp;
 in
 {
-  domain = "servidos.lat";
   enableProxy = true;
   enableContainers = true;
   apps.dictionaries.enable = true;

jawz_hist

@@ -0,0 +1,634 @@
+exit
+cd
+ls
+ls .ssh
+ls ~/.ssh/
+ls -lag
+ls -la
+sudo chown -R jawz:jawz ./
+ls -lag
+ls -la
+ls .ssh/
+ls .ssh/ -la
+sudo systemctl enable  --now wg-quick@wg0
+sudo nano /etc/sysctl.d/99-ipforward.conf
+ls
+sudo -i
+sudo systemctl status sshd.service 
+sudo systemctl restart sshd.service 
+journalctl -xeu sshd
+sudo -i
+sudo systemctl status sshd
+sudo ss -ltnp | grep ssh
+sudo semanage port -l | grep ssh_port_t
+sudo ss -ltnp | grep 3456 || sudo ss -ltnp | grep sshd
+ping google.com
+sudo systemctl stop wg-quick@wg0.service 
+ping google.com
+sudo systemctl disable wg-quick@wg0.service
+exi
+exit
+sudo rmdir /etc/caddy/Caddyfile.d/
+sudo -i
+exit
+ls
+rm histfile 
+rm iptables*
+ls
+rm sudo_histfile 
+cat syncthingblocked 
+rm syncthingblocked 
+ls
+exit
+sudoedit /etc/wireguard/wg0.conf
+export TERM=xterm-256color
+sudoedit /etc/wireguard/wg0.conf
+sudo systemctl restart wg-quick
+sudo systemctl restart wg-quick@wg0.service 
+sudoedit /etc/wireguard/wg0.conf
+sudo -i
+sudo tcpdump
+sudo dnf install tcpdump
+sudo tcpdump -i wg0 host 10.77.0.2 -n -v
+sudoedit /etc/sysconfig/iptables
+export TERM=xterm-256color
+sudoedit /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+ping google.com
+sudo ss -ltnp | grep 3456 || sudo ss -ltnp | grep sshd
+sudo sed -n '1,200p' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/*.conf 2>/dev/null | egrep -n '^(Port|ListenAddress)'
+sudo iptables -S
+cat /etc/sysconfig/iptables
+sudo cat /etc/sysconfig/iptables
+sudo systemctl enable --now iptables
+sudo systemctl start iptables
+sudo systemctl restart iptables
+sudo iptables -S
+sudo systemctl enable wg-quick@wg0
+sudo systemctl start wg-quick@wg0
+ping google.com
+sudo -i
+sudo wg sow
+sudo wg show
+ls
+cd /etc/caddy/Caddyfile.d/
+ls
+cat fun.caddyfile__ 
+ls
+clear
+mv portfolio.caddyfile_bkp portfolio.caddyfile
+sudo mv portfolio.caddyfile_bkp portfolio.caddyfile
+sudo systemctl restart caddy
+clear
+export TERM=xterm-256color
+iptables-s
+sudo iptables -S
+sudo iptables -s
+sudo iptables -S
+clear
+cat /etc/sysconfig/iptables
+sudo cat /etc/sysconfig/iptables
+sudo -i
+sudo reboot
+exit
+ping google.com
+sudo systemctl restart iptables
+sudo systemctl enable iptables
+exit
+sudo -i
+exit
+sudo iptables -vnL FORWARD | grep 22000
+sudo -i
+sudo iptables -L FORWARD -n -v --line-numbers
+cat /etc/sysconfig/iptables
+sudo cat /etc/sysconfig/iptables
+sudoedit /etc/sysconfig/iptables
+export TERM=xterm-256color
+sudoedit /etc/sysconfig/iptables
+clear
+sudo cat /etc/sysconfig/iptables
+sudoedit /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+sudoedit /etc/sysconfig/iptables
+wg show 
+sudo wg show 
+ping -c 3 10.8.0.2
+nc -zv 10.77.0.2 22000
+sudo -i
+exit
+sudo -i
+exit
+sudo systemctl disable iptables
+sudo systemctl enable iptables
+sudo systemctl status iptables
+sudo systemctl start iptables
+sudo -i
+exit
+sudo dnf install starship
+sudo dnf copr enable atim/starship 
+sudo dnf install starship
+nano .bashrc 
+export TERM=xterm-256color
+nano .bashrc 
+bash
+exit
+nano /etc/hostname 
+export TERM=xterm-256color
+nano /etc/hostname 
+sudoedit /etc/hostname 
+exit
+sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+export TERM=xterm-256color
+sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+export EDITOR=neovim
+sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+EDITOR=neovim sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+EDITOR=nvim sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo -i
+exit
+sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+exit
+sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo -i
+exit
+export TERM=xterm-256color
+sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo systemctl restart caddy
+export TERM=xterm-256color
+sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo systemctl restart caddy
+sudo -i
+exit
+sudo mkdir -p /var/www/html
+sudo mkdir -p /var/www/html/lidarr-mb-gap
+sudo useradd -m -s /bin/bash lidarr-reports
+sudo chown -R lidarr-reports:lidarr-reports /var/www/html/lidarr-mb-gap/
+exit
+sudo -u lidarr-reports bash
+exit
+sudo -u lidarr-reports 
+sudo -u lidarr-reports  bash
+sudo -i
+exit
+sudo -u lidarr-mb-gap cat /var/lib/lidarr-mb-gap/.ssh/id_ed25519.pub
+exit
+sudo -u lidarr-reports
+sudo -u lidarr-reports bash
+exit
+sudo -u lidarr-reports ssh-keygen -l -f /home/lidarr-reports/.ssh/ed25519_lidarr-mb-gap.pub
+exit
+sudo -u lidarr-reports -u bash
+sudo -u lidarr-reports bash
+exit
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+exit
+sudo dnf install rsync
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile
+sudo systemctl restart caddy.service 
+ls
+cd /var/www/html/lidarr-mb-gap/
+ls
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile
+sudo systemctl restart caddy.service 
+nc -zv 10.77.0.2 8999
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/5-keycloak.caddyfile
+sudo nvim /etc/caddy/Caddyfile.d/10-nextcloud.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/5-keycloak.caddyfile
+sudo systemctl restart caddy
+ls
+cd /etc/wireguard/
+sudo -i
+exit
+cd /etc/caddy/Caddyfile.d/
+ls
+nvim 15-private.caddyfile 
+mv 15-private.caddyfile 15-private.caddyfile_
+sudo mv 15-private.caddyfile 15-private.caddyfile_
+nvim 15-private.caddyfile 
+sudo nvim 15-private.caddyfile 
+sudo systemctl restart caddy
+exit
+cd /etc/caddy/Caddyfile.d/
+sudo nvim 15-private.caddyfile 
+sudo systemctl restart caddy
+exit
+cd /etc/caddy/Caddyfile.d/
+sudo nvim 15-private.caddyfile 
+sudo systemctl restart caddy
+sudo nvim 15-private.caddyfile 
+sudo systemctl restart caddy
+exit
+sudo nvim /etc/caddy/Caddyfile.d/5-keycloak.caddyfile
+sudo nvim /etc/caddy/Caddyfile.d/10-nextcloud.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/5-keycloak.caddyfile 
+sudo systemctl restart caddy
+sudo nvim 15-private.caddyfile 
+cd /etc/caddy/Caddyfile.d/
+sudo nvim 15-private.caddyfile 
+sudo systemctl restart caddy
+sudo nvim 15-private.caddyfile 
+cat 15-private.caddyfile
+sudo nvim 15-private.caddyfile 
+sudo systemctl restart caddy
+sudo nvim 15-private.caddyfile 
+sudo nvim 15-private.caddyfile_
+sudo nvim 15-private.caddyfile 
+sudo systemctl restart caddy
+exit
+sudo systemctl restart caddy
+sudo nvim 
+cd /etc/caddy/Caddyfile.d/
+sudo nvim 15-private.caddyfile 
+cat 15-private.caddyfile_ 
+sudo nvim 15-private.caddyfile 
+cat 15-private.caddyfile
+sudo nvim 15-private.caddyfile 
+sudo systemctl restart caddy
+sudo nvim 15-private.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/15-private.caddyfile 
+sudo systemctl restart caddy
+systemctl status caddy
+sudo nvim /etc/caddy/Caddyfile.d/15-private.caddyfile 
+sudo systemctl restart caddy
+cd /etc/caddy/Caddyfile.d/
+ls
+sudo nvim 20-servers.caddyfile 
+sudo nvim 40-jellyfin.caddyfile
+sudo systemctl restart jel
+sudo systemctl restart caddy
+cd /etc/caddy/Caddyfile.d/
+ls
+mv 15-private.caddyfile 15-private.caddyfile__
+sudo mv 15-private.caddyfile 15-private.caddyfile__
+sudo mv 15-private.caddyfile_ 15-private.caddyfile
+sudo systemctl restart caddy
+exit
+dig servidos.lat A
+sudo dnf install dig
+dig servidos.lat A
+exit
+curl servidos.lat
+exit
+curl servidos.lat
+dig servidos.lat A
+curl -v 130.211.27.102
+curl -v 130.211.27.102:443
+curl -v https://130.211.27.102
+curl servidos.lat
+curl https://servidos.lat
+curl-v https://servidos.lat
+curl -v https://servidos.lat
+dig servidos.lat A
+exit
+dig servidos.lat A
+exit
+dig servidos.lat A
+exit
+dig servidos.lat A
+exit
+dig servidos.lat A
+exit
+dig servidos.lat A
+curl -v https://servidos.lat
+exit
+sudo useradd -m -s /bin/bash deploy
+sudo groupadd -f www-data
+sudo usermod -aG www-data deploy
+ls -lag /var/www/html/
+sudo mkdir /var/www/html/portfolio
+sudo chown -R root:www-data /var/www/html/portfolio/
+sudo chmod -R 775 /var/www/html/portfolio/
+ssh-keygen -t ed25519 -C "deploy@portfolio" -f ~/.ssh/portfolio_deploy
+cat ~/.ssh/portfolio_deploy.pub 
+sudo -u deploy
+sudo -u deploy bash
+ls
+ls -lag
+cat ~/.ssh/portfolio_deploy
+exit
+su
+sudo -u
+sudo -i
+cat ~/.ssh/portfolio_deploy
+exit
+sudo systemctl restart iptables
+exit
+ls
+ls ~/.ssh/authorized_keys 
+cat ~/.ssh/authorized_keys 
+sudo systemctl restart iptables.service 
+sudo systemctl status iptables.service 
+cat /etc/sysconfig/iptables
+sudo cat /etc/sysconfig/iptables
+exit
+ls
+exit
+cd /var/www/html/portfolio/
+ls -lag
+ls
+sudo -u deploy bash
+ls
+exit
+sudo systemctl restart caddy
+cd /var/www/html/portfolio/
+ls
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+sudo chown -R deploy:www-data /var/www/html/portfo 
+sudo chown -R deploy:www-data /var/www/html/portfolio/
+exit
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo mkdir /var/www/html/blog
+sudo chown deploy:www-data /var/www/html/blog/ -R
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+sudo chmod -R 775 /var/www/html/portfolio
+ls -la /var/www/html/portfolio/
+sudo chown -$ deploy:www-data /var/www/html/portfolio/
+sudo chown -R deploy:www-data /var/www/html/portfolio/
+sudo -i
+ls -la /var/www/html/portfolio/friends/ | grep "001_chicken_hu"
+sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile 
+df -h
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo systemctl restart caddy && exit
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo systemctl restart caddy && exit
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+journalctl -xeu caddy.service
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+journalctl -xeu caddy.service
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo systemctl restart caddy
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo systemctl restart caddy && exit
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+curl -sI "https://danilo-reyes.com/isso/js/embed.min.js" 
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy && exit
+curl -sI "https://danilo-reyes.com/isso/js/embed.min.js" 
+curl -vkI https://blog.danilo-reyes.com/isso/js/embed.min.js
+sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+curl -vkI https://blog.danilo-reyes.com/isso/
+curl -vkI https://blog.danilo-reyes.com/isso/js/embed.min.js
+curl -vkI http://10.77.0.2:8180/
+curl -vkI http://10.77.0.2:8180/js/embed.min.js
+curl -vkI http://10.77.0.2:8180/
+curl -vkI http://10.77.0.2:8180/js/embed.min.js
+curl -vkI https://blog.danilo-reyes.com/isso/js/embed.min.js
+curl -vkI https://blog.danilo-reyes.com/isso/
+curl -vkI https://blog.danilo-reyes.com/isso
+9;6u
+timedatectl status
+date-u
+date -u
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo systemctl restart caddy
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+exit
+sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+exit
+sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo cat /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo dnf search opentracker
+sudo dnf install -y git gcc make libowfat-devel
+git clone https://erdgeist.org/gitweb/opentracker
+cd opentracker/
+make
+sudo dnf install -y libowfat-devel
+make clean
+make CFLAGS="-I/usr/include/libowfat"
+sudo dnf install -y zlib-devel
+make CFLAGS="-I/usr/include/libowfat"
+git submodule update --init
+make clean
+make
+ls
+cd ..
+git clone git@github.com:masroore/libowfat.git
+sudo dnf install libowfat
+git clone git@github.com:masroore/libowfat.git
+podman
+docker
+exit
+sudo dnf copr enable dlk/rpms
+sudo dnf install opentracker
+rm opentracker/
+rm opentracker/ -rf
+sudo systemctl enable --now opentracker
+sudo systemctl status opentracker
+sudo cat /etc/opentracker.conf 
+sudo nvim /etc/opentracker.conf 
+sudo nvim /etc/caddy/Caddyfile.d/15-private.caddyfile
+sudo grep -r 6969 /etc/caddy/Caddyfile.d/
+sudo nvim /etc/opentracker.conf 
+sudo systemctl restart opentracker.service 
+sudo systemctl status opentracker
+sudo nvim /etc/opentracker.conf 
+sudo systemctl restart opentracker.service 
+sudo systemctl status opentracker
+sudo install -d -m 0750 /var/lib/opentracker
+sudo install -m 0640 /dev/null /var/lib/opentracker/whitelist
+sudo install -m 0640 /dev/null /var/lib/opentracker/blacklist
+sudo systemctl restart opentracker.service 
+sudo systemctl status opentracker
+ls -lag /var/lib/opentracker/
+sudo ls -lag /var/lib/opentracker/
+sudo nvim /etc/opentracker.conf 
+sudo systemctl restart opentracker.service 
+sudo systemctl status opentracker
+sudo chmod 666 /var/lib/opentracker/blacklist
+sudo systemctl restart opentracker.service 
+sudo systemctl status opentracker
+sudo iptables -A INPUT -p tcp --dport 6969 -j ACCEPT
+sudo iptables -A INPUT -p udp --dport 6969 -j ACCEPT
+sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -L INPUT -n -v --line-numbers | grep 6969
+sudo service iptables save
+exit
+ls /etc/wireguard/
+sudo ls /etc/wireguard/
+sudo cat /etc/wireguard/wg0.conf
+cat /etc/sysctl.d/99-forward.conf
+sudo ls /etc/sysctl.d
+cat /etc/sysctl.d/99-ipforward.conf 
+sudo sysctl net.ipv4.ip_forward
+sudo -i
+sudo systemctl status opentracker
+journalctl -xefu opentracker
+ss -tnp | grep 6969
+sudo sysctl -w net.ipv4.conf.all.rp_filter=0
+sudo sysctl -w net.ipv4.conf.eth0.rp_filter=0
+sudo sysctl -w net.ipv4.conf.wg0.rp_filter=0
+journalctl -xefu opentracker
+sudo cat /etc/sysconfig/iptables
+sysctl -w net.ipv4.ip_forward=1
+# ---- NAT (insert at top) ----
+iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I POSTROUTING 1 -s 10.77.0.0/24 -o eth0 -j MASQUERADE
+# ---- FORWARD ----
+iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 -p tcp --sport 51412 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 4 -i wg0 -o eth0 -s 10.77.0.2 -p udp --sport 51412 -j ACCEPT
+iptables -I FORWARD 5 -i wg0 -o eth0 -j ACCEPT
+iptables -I FORWARD 6 -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+net.ipv4.ip_forward = 1
+sudo -i
+mkfs.ext4 "/dev/disk/by-id/scsi-0Linode_Volume_box"
+sudo -i
+mkdir /mnt/box/downloads
+sudo mkdir /mnt/box/downloads
+sudo chown jawz:users /mnt/box/downloads/
+ls -la
+sudo chown jawz:jawz /mnt/box/downloads/
+qbittorrent-nox 
+sudo useradd --system --create-home --home-dir /var/lib/qbittorrent --shell /sbin/nologin qbittorrent
+sudo mkdir -p /srv/torrents/{downloads,incomplete,watch}
+sudo chown -R qbittorrent:qbittorrent /srv/torrents /var/lib/qbittorrent
+sudo tee /etc/systemd/system/qbittorrent-nox.service >/dev/null <<'EOF'
+[Unit]
+Description=qBittorrent (nox)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=qbittorrent
+Group=qbittorrent
+UMask=0027
+WorkingDirectory=/var/lib/qbittorrent
+ExecStart=/usr/bin/qbittorrent-nox --profile=/var/lib/qbittorrent
+Restart=on-failure
+RestartSec=3
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+sudo systemctl daemon-reload
+sudo systemctl enable --now qbittorrent-nox
+sudo systemctl status qbittorrent-nox --no-pager
+sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf
+sudo systemctl restart qbittorrent-nox
+sudo nvim /etc/caddy/Caddyfile.d/75-qbittorrent.caddyfile
+sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf
+sudo systemctl stop qbittorrent-nox
+sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf
+sudo systemctl start qbittorrent-nox
+sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf
+sudo nvim /etc/caddy/Caddyfile.d/75-qbittorrent.caddyfile
+sudo systemctl restart caddy
+sudo systemctl status qbittorrent-nox --no-pager
+ls
+cat /etc/sysconfig/iptables
+sudo cat /etc/sysconfig/iptables
+ls /mnt/
+ls /mnt/box/
+rm /mnt/box/downloads/
+rmdir /mnt/box/downloads/
+sudo rmdir /mnt/box/downloads/
+sudo mv /srv/torrents/* /mnt/box/
+sudo umount /mnt/box 
+sudo nvim /etc/fstab 
+sudo mount -a
+sudo systemctl daemon-reload
+sudo mount -a
+ls -lag /srv/torrents/
+sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf
+cd /var/lib/qbittorrent/
+sudo -i
+exit
+sudo -i
+ssh server 
+exitr
+exit
+ls /srv/torrents/
+sudo mkdir /srv/torrents/tits
+sudo chown jawz:jawz /srv/torrents/tits/
+ls /srv/torrents/tits/
+sudo -i
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo systemctl restart caddy
+exit
+ls
+df -h
+ssh server
+exit
+clear
+sudoedit /etc/sysconfig/iptables
+exit
+sudo grep 6060 /etc/
+sudo grep 6060 /etc/ -r
+sudo grep -r 6969 /etc/
+sudo cat /etc/ssh/sshd_config
+ls
+clear
+exit
+cat /etc/sysconfig/iptables
+sudo cat /etc/sysconfig/iptables
+sudo ls /etc/wireguard/
+sudo cat /etc/wireguard/wg0.conf
+sudo -i
+exit
+sudo -i
+sudo -i
+sudo -i
+iptables -S
+sudo iptables -S
+sudo nvim /etc/wireguard/wg0.conf
+exit
+curl # Test paperless (should fail)
+curl -v --connect-timeout 5 http://192.168.100.15:8000
+# Test sabnzbd (should fail)  
+curl -v --connect-timeout 5 http://192.168.100.15:3399
+curl -v --connect-timeout 5 http://192.168.100.15:8686
+sudo wg show
+exit
+sudo systemctl restart wg-quick@wg0.service 
+exit
+sudo nvim /etc/wireguard/wg0.conf
+sudo systemctl restart wg-quick@wg0.service 
+sudo nvim /etc/wireguard/wg0.conf
+exit
+sudo wg show
+exit
+sudo nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+exit
+sudo systemctl restart wg-quick@wg0.service 
+sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+sudo systemctl restart caddy
+z nixos
+exit
+cat .ssh/id_ed25519.pub 
+cat .ssh/id_ed25519
+exit
+cat /etc/sysconfig/iptables
+sudo cat /etc/sysconfig/iptables
+exit
+sudo -i
+ls
+cat vps_public.key 
+ls .ssh/authorized_keys 
+cat .ssh/authorized_keys 
+exit

modules/servers/nextcloud.nix

@@ -171,7 +171,6 @@ in
           enableACME = false;
           http2 = false;
           serverAliases = [
-            "cloud.servidos.lat"
             "cloud.rotehaare.art"
           ];
           listen = [

secrets/ssh/ed25519_nixvps

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAg2NEQIaCDPaucUAqi1iUIppNyQJH2AHGm8RhZ8ZjQagAAAJggRAEdIEQB
+HQAAAAtzc2gtZWQyNTUxOQAAACAg2NEQIaCDPaucUAqi1iUIppNyQJH2AHGm8RhZ8ZjQag
+AAAECI12wNotU67+KnPGhWMcLUxotEQdz4jry+aijaiHP26CDY0RAhoIM9q5xQCqLWJQim
+k3JAkfYAcabxGFnxmNBqAAAAEGphd3pAd29ya3N0YXRpb24BAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

sudo_hist

@@ -0,0 +1,457 @@
+clear
+exit
+clear
+dnf install wireguard-tools neovim caddy
+systemctl enable --now caddy
+systemctl enable --now iptables
+dnf install iptables-services
+systemctl enable --now iptables
+
+ls /home/
+ls /home/fedora
+nano /etc/ssh/sshd_config
+nano /etc/wireguard/wg0.conf
+nano /etc/wireguard/home_private.key
+sudo useradd -m -s /bin/bash jawz
+sudo passwd jawz
+sudo usermod -aG wheel jawz
+visudo
+ls
+su jawz
+cat /home/jawz/iptables /etc/sysconfig/iptables
+cat /home/jawz/iptables > /etc/sysconfig/iptables
+cat /home/jawz/iptables-config /etc/sysconfig/iptables-config 
+cat /home/jawz/iptables-config > /etc/sysconfig/iptables-config 
+sudo systemctl restart iptables.service 
+nano /etc/hosts
+ls
+sudoedit /etc/ssh/sshd_config
+ls
+sudo reboot
+mv /home/jawz/Caddyfile.d/ /etc/caddy/
+ls /etc/caddy/
+ls /etc/caddy/ -la
+sudo chown root:root /etc/caddy/Caddyfile -R
+ls /etc/caddy/ -la
+chown root:root -R /etc/caddy/Caddyfile
+ls /etc/caddy/ -la
+chown root:root -R /etc/caddy/Caddyfile.d/
+ls /etc/caddy/ -la
+sudo systemctl restart caddy
+exit
+528491
+clear
+export TERM=xterm-256color
+clear
+sudo iptables -S
+ping google.com
+sudoedit /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+sudo systemctl restart wg-quick@wg0.service 
+sudo iptables -L FORWARD -n -v --line-numbers
+sudoedit /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+sudoedit /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+sudoedit /etc/sysconfig/iptables
+sudo iptables-save > /root/iptables-backup-$(date +%s)
+sudo iptables -F FORWARD
+sudo iptables-restore < /tmp/iptables
+sudo iptables -D FORWARD 4
+sudo iptables -S
+sudo systemctl restart iptables.service 
+sudo iptables -S
+sudoedit /etc/sysconfig/iptables
+sud nvim /etc/sysconfig/iptables
+sudo nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+sudo journalctl -xeu iptables
+sudo nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+sudo systemctl restart caddy
+cd /etc/caddy/Caddyfile.d/
+ls
+mv portfolio.caddyfile portfolio.caddyfile_
+sudo systemctl restart caddy
+sudoedit /etc/wireguard/wg0.conf 
+sudo systemctl restart wg-quick@wg0.service 
+ping 10.77.0.2:80
+sudoedit /etc/wireguard/wg0.conf 
+ping 10.77.0.2
+sudo journalctl -xefu wg-quick@wg0
+ping 10.77.0.2
+ping server
+wg show
+sudoedit /etc/wireguard/wg0.conf 
+wg show
+cd /etc/caddy/Caddyfile.d/
+mv portfolio.caddyfile_ portfolio.caddyfile
+mv portfolio.caddyfile portfolio.caddyfile_
+cat /etc/sysconfig/iptables
+sudo nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+journalctl -xeu iptables
+sudo nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+sudo iptables -L FORWARD -n -v --line-numbers
+# In one terminal, watch the iptables counters
+sudo watch -n1 'iptables -L FORWARD -n -v --line-numbers'
+export TERM=xterm-256color
+sudo watch -n1 'iptables -L FORWARD -n -v --line-numbers'
+sudo tcpdump -i any icmp -n
+ip addr show wg0
+sudo iptables -I FORWARD 6 -s 10.8.0.0/24 -d 10.77.0.2/32 -p icmp -j ACCEPT
+sudo iptables -I FORWARD 7 -s 10.77.0.2/32 -d 10.8.0.0/24 -p icmp -j ACCEPT
+sudo iptables -L FORWARD -n -v --line-numbers
+sudo iptables-save > /etc/sysconfig/iptables
+nano /etc/wireguard/wg0.conf 
+export TERM=xterm-256color
+nano /etc/wireguard/wg0.conf 
+systemctl restart wg-quick.target 
+systemctl restart wg-quick@wg0
+cat /etc/wireguard/wg0.conf 
+sudo nvim /etc/wireguard/wg0.conf 
+sudo systemctl restart wg-quick@wg0.service 
+wg show
+sudo nvim /etc/wireguard/wg0.conf 
+sudo systemctl restart wg-quick@wg0.service 
+wg show
+sudo systemctl enable ip6tables
+sudo systemctl disable --now nftables 2>/dev/null || true
+sudo systemctl mask nftables 2>/dev/null || true
+exit
+export TERM=xterm-256color
+sudo nano /etc/sysconfig/iptables
+cd /etc/caddy/Caddyfile.d/
+ls
+cat fun.caddyfile__ 
+rm fun.caddyfile__ 
+ls
+nano simple.caddyfile 
+export TERM=xterm-256color
+nano simple.caddyfile 
+nvim simple.caddyfile 
+mv simple.caddyfile servers.caddyfile
+systemctl restart caddy
+ls
+exit
+export TERM=xterm-256color
+cd /etc/caddy/Caddyfile.d/
+nvim servers.caddyfile 
+sudo systemctl restart caddy
+journalctl -xeu caddy
+cd /etc/caddy/Caddyfile.d/
+nvim redirect.caddyfile 
+sudo systemctl restart caddy
+nvim redirect.caddyfile 
+sudo journalctl -u caddy -f
+ls
+nvim redirect.caddyfile 
+mv redirect.caddyfile 10-redirect.caddyfile
+nvim 00-allowlist.caddyfile
+mv servers.caddyfile 20-servers.caddyfile
+cd ..
+ls
+nvim Caddyfile
+sudo systemctl restart caddy
+sudo journalctl -u caddy -f
+nvim Caddyfile
+sudo systemctl restart caddy
+nvim Caddyfile
+ls
+cd Caddyfile.d/
+ls
+mv 00-allowlist.caddyfile 00-allowlist.caddyfile_
+mv 10-redirect.caddyfile 10-redirect.caddyfile_
+sudo systemctl restart caddy
+exit
+cd /etc/caddy/Caddyfile.d/
+nvim servers.caddyfile 
+nvim redirect.caddyfile
+sudo caddy fmt --overwrite redirect.caddyfile 
+sudo caddy validate --config redirect.caddyfile 
+nvim /etc/caddy/Caddyfile.d/servers.caddyfile 
+systemctl restart caddy
+cd /etc/caddy/Caddyfile.d/
+ls
+rm 00-allowlist.caddyfile_ 10-redirect.caddyfile_ portfolio.caddyfile_ 
+ls
+mv portfolio.caddyfile_ 30-portfolio.caddyfile_
+nvim 30-portfolio.caddyfile_ 
+ls
+cat 20-servers.caddyfile 
+nvim 20-servers.caddyfile 
+systemctl restart caddy
+nvim 20-servers.caddyfile 
+nvim 10-nextcloud.caddyfile
+nvim 20-servers.caddyfile 
+cd ..
+cat Caddyfile.d/20-servers.caddyfile 
+cat Caddyfile.d/20-servers.caddyfile  | head -n 30
+cat Caddyfile.d/20-servers.caddyfile  | head -n 10
+nvim /etc/caddy/client_ca.pem
+nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+systemctl restart caddy
+cat Caddyfile.d/20-servers.caddyfile  | head -n 10
+exit
+nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+nvim /etc/caddy/Caddyfile.d/15-private.caddyfile
+sudo systemctl restart caddy
+nvim /etc/caddy/Caddyfile.d/10-nextcloud.caddyfile 
+nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+cat /etc/caddy/Caddyfile.d/20-servers.caddyfile 
+exit
+cd /etc/
+ls
+cd sysconfig/
+ls
+nvim iptables
+cat iptables
+curl 10.77.0.2:8999
+nvim iptables
+sudo systemctl restart iptables.service 
+exit
+curl 10.77.0.2:8999
+curl 10.8.0.2:8999
+curl 10.8.0.1:8999
+exit
+cd /etc/wireguard/
+ls
+cat wg0.conf 
+exit
+cd /etc/caddy/
+ls
+cd Caddyfile.d/
+ls
+mv 30-portfolio.caddyfile_ 30-portfolio.caddyfile
+cat 15-private.caddyfile__ 
+ls
+cat 25-static.caddyfile 
+cat 30-portfolio.caddyfile 
+rm 30-portfolio.caddyfile 
+nvim 25-static.caddyfile 
+systemctl restart caddy
+exit
+cat /etc/caddy/Caddyfile.d/25-static.caddyfile 
+nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+cat /etc/caddy/Caddyfile.d/25-static.caddyfile 
+nvim /etc/caddy/Caddyfile.d/25-static.caddyfile 
+sudo systemctl restart caddy
+cat /etc/caddy/Caddyfile.d/25-static.caddyfile 
+caddy validate --config /etc/caddy/Caddyfile.d/25-static.caddyfile 
+caddy fmt --overwrite /etc/caddy/Caddyfile.d/*
+caddy fmt --overwrite /etc/caddy/Caddyfile.d/25-static.caddyfile 
+find -tf /etc/caddy/Caddyfile.d/25-static.caddyfile 
+find -type f /etc/caddy/Caddyfile.d/
+find  /etc/caddy/Caddyfile.d/ -type f
+find  /etc/caddy/Caddyfile.d/ -type f -exec caddy fmt --overwrite {}
+find  /etc/caddy/Caddyfile.d/ -type f -exec caddy fmt --overwrite {} \;
+caddy validate --config /etc/caddy/Caddyfile.d/25-static.caddyfile 
+ls -la /var/www/html/portfolio/
+ls -la /var/www/html/portfolio/images/
+ls -la /var/www/html/portfolio/old_ijwbs/
+du -sh /var/www/html/portfolio/
+ls -la /var/www/html/portfolio/
+ls -la /var/www/html/portfolio/friends/
+cd /etc/sysconfig/
+ls
+cat iptables
+rg 51413
+rg 51412
+cat iptables
+sudo tcpdump -ni eth0 port 51412
+sudo tcpdump -ni wg0 port 51412
+sudo tcpdump -ni eth0 port 51412
+ss -ltnp | grep ":51412"
+sysctl -w net.ipv4.ip_forward=1
+# ---- NAT (insert at top) ----
+iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I POSTROUTING 1 -s 10.77.0.0/24 -o eth0 -j MASQUERADE
+# ---- FORWARD ----
+iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 -p tcp --sport 51412 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 4 -i wg0 -o eth0 -s 10.77.0.2 -p udp --sport 51412 -j ACCEPT
+iptables -I FORWARD 5 -i wg0 -o eth0 -j ACCEPT
+iptables -I FORWARD 6 -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+net.ipv4.ip_forward = 1
+sysctl -w net.ipv4.ip_forward=1
+iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I POSTROUTING 1 -s 10.77.0.0/24 -o eth0 -j MASQUERADE
+iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 -p tcp --sport 51412 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 4 -i wg0 -o eth0 -s 10.77.0.2 -p udp --sport 51412 -j ACCEPT
+iptables -I FORWARD 5 -i wg0 -o eth0 -j ACCEPT
+iptables -I FORWARD 6 -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -L FORWARD -n -v --line-numbers
+iptables -t nat -L -n -v --line-numbers
+iptables -L FORWARD -n -v --line-numbers
+iptables -t nat -L -n -v --line-numbers
+sudo tcpdump -ni eth0 port 51412
+curl -4 ifconfig.me
+tcpdump -ni eth0 port 51412
+ss -lntup | grep 51412
+iptables -t raw -I PREROUTING 1 -p tcp --dport 51412 -j NOTRACK
+iptables -t raw -I PREROUTING 1 -p udp --dport 51412 -j NOTRACK
+iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 --sport 51412 -j ACCEPT
+iptables -t nat -I POSTROUTING 1 -s 10.77.0.2 -o eth0 -j MASQUERADE
+tcpdump -ni wg0 port 51412
+sysctl net.ipv4.ip_forward
+iptables -t raw -I PREROUTING 1 -p tcp --dport 51412 -j NOTRACK
+iptables -t raw -I PREROUTING 2 -p udp --dport 51412 -j NOTRACK
+iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 --sport 51412 -j ACCEPT
+iptables -t nat -I POSTROUTING 1 -s 10.77.0.2 -o eth0 -j MASQUERADE
+tcpdump -ni wg0 port 51412
+tcpdump -ni eth0 'tcp port 51412'
+sysctl net.ipv4.conf.eth0.route_localnet
+sysctl -w net.ipv4.conf.eth0.route_localnet=1
+ip rule add fwmark 0x1 lookup 100
+ip route add default dev wg0 table 100
+iptables -t mangle -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j MARK --set-mark 1
+iptables -t mangle -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j MARK --set-mark 1
+tcpdump -ni eth0 'tcp port 51412'
+reboot
+mkfs.ext4 "/dev/disk/by-id/scsi-0Linode_Volume_box"
+mkdir /mnt/box
+mount "/dev/disk/by-id/scsi-0Linode_Volume_box" "/mnt/box"
+nvim /etc/fstab 
+cd /mnt/box/
+ls -lag
+sudo dnf install -y qbittorrent-nox
+exit
+cd /srv/torrents/downloads/
+ls
+cd The.Sims.4.Jenny/
+ls
+du -sh
+rm rune
+rm rune.nfo 
+exit
+cd /srv/torrents/downloads/
+ls
+ls ../incomplete/
+ls
+ls in
+ls ../incomplete/
+ls
+ls -lag
+cd ..
+su -sh
+dh -sh
+du -sh
+df -h
+ls
+rm -rf incomplete/The.Sims.4.Jenny/
+exit
+cd
+cd /srv/torrents/
+ls -lag
+du -sh
+ls
+mv tits/The.Sims.4.Jenny/ incomplete/
+rmdir tits/
+chown -R qbittorrent:qbittorrent incomplete/
+cd /etc/sysconfig/
+ls
+cp iptables iptables_working
+nvim iptables
+systemctl restart iptables.service 
+journal -xeu iptables
+journalctl -xeu iptables
+nvim iptables
+systemctl restart iptables.service 
+journalctl -xeu iptables
+exit
+nvim iptables
+cd /etc/sysconfig/
+nvim iptables
+cd /etc/wireguard/
+ls
+nvim wg0.conf 
+nvim /etc/sysconfig/iptables
+cd /etc/wireguard/
+ls
+wg genkey | tee privatekey | wg pubkey > publickey
+ls
+rm privatekey publickey 
+ls
+mkdir friend
+cd friend/
+wg genkey | tee privatekey | wg pubkey > publickey
+ls
+cat privatekey 
+cat publickey 
+nvim ../wg0.conf 
+cat privatekey 
+nvim ../wg0.conf 
+systemctl restart wireguard
+systemctl restart wg-quick@wg0.service 
+nvim /etc/sysconfig/iptables
+nvim ../wg0.conf 
+systemctl restart wg-quick@wg0.service 
+nvim ../wg0.conf 
+wg show
+nvim ../wg0.conf 
+nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service 
+nvim ../wg0.conf 
+cd /etc/wireguard/
+ls
+cd friend/
+ls
+rm *
+wg genkey | tee privatekey | wg pubkey > publickey
+cat publickey 
+nvim ../wg0.conf 
+cat privatekey 
+nvim ../wg0.conf 
+rm *
+wg genkey | tee privatekey | wg pubkey > publickey
+cat publickey 
+nvim ../wg0.conf 
+cat privatekey 
+rm *
+wg genkey | tee privatekey | wg pubkey > publickey
+cat publickey 
+nvim ../wg0.conf 
+cat privatekey 
+nvim /etc/sysconfig/iptables
+sudo reboot 
+cd /etc/caddy/Caddyfile.d/
+ls
+rg xxx
+nvim 15-private.caddyfile
+sudo systemctl restart caddy
+nvim 15-private.caddyfile
+nvim 15-private.caddyfile__ 
+exit
+cd /etc/wireguard/
+ls
+cat wg0.conf 
+ls
+ls friend/
+rm friend/ -rf
+ls
+cd /var/www/html/
+ls -lag blog/          lidarr-mb-gap/ portfolio/
+ls -lag
+ls -la
+ls
+cd
+su deploy
+su lidarr-reports 
+exit